A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. (CVE-2016-5291)

A crash was discovered when parsing URLs in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to execute arbitrary code. (CVE-2016-5292)

A heap buffer overflow was discovered in Cairo when processing SVG content. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5296)

An error was discovered in argument length checking in JavaScript. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-5297)

An integer overflow was discovered in the Expat library. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash. (CVE-2016-9063)

It was discovered that addon updates failed to verify that the addon ID inside the signed package matched the ID of the addon being updated. An attacker that could perform a man-in-the-middle (MITM) attack could potentially exploit this to provide malicious addon updates. (CVE-2016-9064)

A buffer overflow was discovered in nsScriptLoadHandler. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9066)

2 use-after-free bugs were discovered during DOM operations in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9067, CVE-2016-9069)

A heap use-after-free was discovered during web animations in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. (CVE-2016-9068)

It was discovered that a page loaded into the sidebar through a bookmark could reference a privileged chrome window. An attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2016-9070)

An issue was discovered with Content Security Policy (CSP) in combination with HTTP to HTTPS redirection. An attacker could potentially exploit this to verify whether a site is within the user's browsing history. (CVE-2016-9071)

An issue was discovered with the windows.create() WebExtensions API. If a user were tricked into installing a malicious extension, an attacker could potentially exploit this to escape the WebExtensions sandbox. (CVE-2016-9073)

It was discovered that WebExtensions can use the mozAddonManager API. An attacker could potentially exploit this to install additional extensions without user permission. (CVE-2016-9075)

It was discovered that <select> element dropdown menus can cover location bar content when e10s is enabled. An attacker could potentially exploit this to conduct UI spoofing attacks. (CVE-2016-9076)

It was discovered that canvas allows the use of the feDisplacementMap filter on cross-origin images. An attacker could potentially exploit this to conduct timing attacks. (CVE-2016-9077)

Update instructions

The problem can be corrected by updating your system to the following
package version: